Rename ssl dir to certs

Directory name `certs` is more suitable for storing SSL certificates.

I think...

README.md

@@ -18,7 +18,7 @@ When you run the `kickstart.sh` script with `-I` option:
 3. Add Nginx apt repository to `/etc/apt/sources.list.d/nginx.list`.
 4. Prioritize Nginx official packages over distribution-provided ones.
 5. Install `nginx` and  `nginx-module-geoip`.
-6. Create "boilerplate" directory (`/etc/nginx/{ssl,sites-enabled,snippets}`).
+6. Create "boilerplate" directory (`/etc/nginx/{certs,sites-enabled,snippets}`).
 7. Generate self-signed certificate and DH Params key exchange.
 
 When you run the `kickstart.sh` scipt with `-V` option:
@@ -69,7 +69,7 @@ If you following usage instruction above, your `/etc/nginx` directory structure
 |   |-- cloudflare_real_ips.conf
 |   |-- cloudflare_whitelist.conf
 |   `-- ssl-params.conf
-|-- ssl
+|-- certs
 |   |-- dhparam.pem
 |   |-- fullchain.pem
 |   `-- privkey.pem

etc/nginx/sites-available/example.local.conf

@@ -22,8 +22,8 @@ server {
     # vhost_traffic_status_filter_by_set_key $geoip_country_code country::$server_name;
 
     # This will be replaced with certbot if you use that.
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
-    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
 
     include /etc/nginx/snippets/ssl-params.conf;
 

etc/nginx/snippets/ssl-params.conf

@@ -4,7 +4,7 @@
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:10m;  # about 40000 sessions
 ssl_session_tickets off;
-ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+ssl_dhparam /etc/nginx/certs/dhparam.pem;
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
 ssl_prefer_server_ciphers off;

kickstart.sh

@@ -91,17 +91,17 @@ install()
     apt-get update && apt-get install nginx nginx-module-geoip -y
 
     # Creating and copying our nginx config directory
-    mkdir -p /etc/nginx/{ssl,sites-enabled,snippets}
+    mkdir -p /etc/nginx/{certs,sites-enabled,snippets}
 
     # The self-signed certificate only used for "boilerplate" config.
     # You must use certificates issued bt real CA, for example: certbot.
-    if [ ! -f /etc/nginx/ssl/dhparam.pem ]; then
+    if [ ! -f /etc/nginx/certs/dhparam.pem ]; then
         PRI "Creating self-signed certificates and dhparams..."
         openssl req -x509 -newkey rsa:4096 -days 365 -nodes \
-            -keyout /etc/nginx/ssl/privkey.pem              \
-            -out /etc/nginx/ssl/fullchain.pem               \
+            -keyout /etc/nginx/certs/privkey.pem            \
+            -out /etc/nginx/certs/fullchain.pem             \
             -subj '/CN=example.local/O=My Organization/C=US'
-        openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
+        openssl dhparam -out /etc/nginx/certs/dhparam.pem 2048
     fi
     nginx -t && systemctl restart nginx
     echo